diff options
| author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-11-21 12:35:40 +0100 |
|---|---|---|
| committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-11-21 12:35:40 +0100 |
| commit | c7a39ffa911f06ae60cc22ac237b6e82522a93b8 (patch) | |
| tree | 41aae55496d7e2e64eb42e6a56560005384f6271 | |
| parent | 64c23778547b14a6a8063280d07051eddf475e48 (diff) | |
| download | gitlab-ce-c7a39ffa911f06ae60cc22ac237b6e82522a93b8.tar.gz | |
Schedule background migration for encrypting runners tokens
| -rw-r--r-- | db/post_migrate/20181121111200_schedule_runners_token_encryption.rb | 38 | ||||
| -rw-r--r-- | db/schema.rb | 2 | ||||
| -rw-r--r-- | lib/gitlab/background_migration/encrypt_runners_tokens.rb | 20 |
3 files changed, 59 insertions, 1 deletions
diff --git a/db/post_migrate/20181121111200_schedule_runners_token_encryption.rb b/db/post_migrate/20181121111200_schedule_runners_token_encryption.rb new file mode 100644 index 00000000000..33403610d8e --- /dev/null +++ b/db/post_migrate/20181121111200_schedule_runners_token_encryption.rb @@ -0,0 +1,38 @@ +# frozen_string_literal: true + +class ScheduleRunnersTokenEncryption < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + BATCH_SIZE = 10000 + RANGE_SIZE = 100 + MIGRATION = 'EncryptRunnersTokens' + + MODELS = [ + ::Gitlab::BackgroundMigration::Models::EncryptColumns::Settings, + ::Gitlab::BackgroundMigration::Models::EncryptColumns::Namespace, + ::Gitlab::BackgroundMigration::Models::EncryptColumns::Project, + ::Gitlab::BackgroundMigration::Models::EncryptColumns::Runner + ].freeze + + disable_ddl_transaction! + + def up + MODELS.each do |model| + model.each_batch(of: BATCH_SIZE) do |relation, index| + delay = index * 2.minutes + + relation.each_batch(of: RANGE_SIZE) do |relation| + range = relation.pluck('MIN(id)', 'MAX(id)').first + args = [model, model.encrypted_attributes.keys, *range] + + BackgroundMigrationWorker.perform_in(delay, MIGRATION, args) + end + end + end + end + + def down + # no-op + end +end diff --git a/db/schema.rb b/db/schema.rb index b8875837471..43415954f18 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20181121101802) do +ActiveRecord::Schema.define(version: 20181121111200) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" diff --git a/lib/gitlab/background_migration/encrypt_runners_tokens.rb b/lib/gitlab/background_migration/encrypt_runners_tokens.rb new file mode 100644 index 00000000000..4647301f1a9 --- /dev/null +++ b/lib/gitlab/background_migration/encrypt_runners_tokens.rb @@ -0,0 +1,20 @@ +# frozen_string_literal: true + +module Gitlab + module BackgroundMigration + # EncryptColumn migrates data from an unencrypted column - `foo`, say - to + # an encrypted column - `encrypted_foo`, say. + # + # We only create a subclass here because we want to isolate this migration + # (migrating unencrypted runner registration tokens to encrypted columns) + # from other `EncryptColumns` migration. This class name is going to be + # serialized and stored in Redis and later picked by Sidekiq, so we need to + # create a separate class name in order to isolate these migration tasks. + # + # We can solve this differently, see tech debt issue: + # + # https://gitlab.com/gitlab-org/gitlab-ce/issues/54328 + # + class EncryptRunnersTokens < EncryptColumns; end + end +end |